Webmaster General Forum

I've got an ordering system that asks for a fair bit of info from the customer. At the start, I use cookies for the basic info, but after that they need to create an account so the rest can be stored in a database. My boss wants them to be able to go through the entire ordering process without having to sign up first, which means I'm going to have to store a fair amount of data in the cookies. This could be anything up to a lists of 1000s of names. Do you think I should use cookies for this, or work on some sort of temporary server-side database, which when they order then goes into the permanent database?

Official maximum size for a HTTP cookie header is 4K. So the actual cookie will be slightly smaller. Some browsers will work with bigger cookies, others won't.

A short cookie as a unique transaction-id, and the data in a temporary part of the database sounds a better approach. You never know what havoc a hacker can do if they start editing cookies that contain meaningful data.

Just remenber to have a daily (?) task that deletes abandoned carts -- otherwise your server's hard drives will one day overflow.